As information security has become a top priority for companies of all shapes and sizes, many are creating a position called the Information Security Officer (ISO). In fact, financial institutions are required to have an Information Security Officer. And, the ISO cannot pull double duty as the network administrator in order to satisfy requirements for separation of duties. Unfortunately, not every company can afford to pay a full-time, "qualified" person for the ISO role. Therefore, many companies are employing a "virtual" Information Security Officer (vISO) as an alternative.

​

A virtual Information Security Officer is typically a contract employee or a consulting group that can help fill the gaps on your IT or IS team. The vISO can help with:

​

Information security program development

Policy development

Control implementation

Incident response

Vendor management

Management reporting

Risk assessment

Information security strategy

Vulnerability management

IT Audit remediation

​

Virtual Innovation has been helping financial institutions and healthcare companies develop and enhance their information security programs (ISPs) since 2010. For larger organizations, we are part of the team that supports senior management with information security strategy. In smaller organizations, we act in the role of the information security officer and help with the day-to-day protection of the information systems and resources. Even though the concept of the vISO is relatively new, we have been providing the vISO service to clients since our company was founded. In fact, we built our company around "virtual" solutions.

​

Our Approach

Based on the size and complexity of the organization and considering budget and requirements, we help our clients develop the information security program that fits their exact needs. ​Once the program is established, we can stay on as "part of the team" to ensure that the program and processes are implemented properly. In some cases, we help the company hire or develop information security professionals. In other cases, we play an active role in the operation and management of the program. We assist with system monitoring, management reporting, incident response, and testing information security processes and controls. Many of our clients feel that having access to outside experts is less costly and offers more stability than trying to maintain an internal staff of information security professionals. We can help develop the information security strategy that fits your needs and your budget.

​

Our experienced team of dedicated information technology and security specialists can help you protect your systems and resources. For more information, please contact Eric Kroeger at 219-405-6533.